In a cloud-based security platform such as Cisco Umbrella, customer data traffic is generally secured through layered defensive and offensive security techniques. The general objective is to secure traffic generated through any protocol and on any port. This approach is commonly known as ‘all port, all protocol’ security.
Currently, cloud-based security platforms, like Cisco Umbrella, use DNS-based security measures to stop threats. Virtual appliances, such as VMware, deployed on the enterprise customer network direct internet traffic to resolvers in the cloud system. Rather than proxying all web traffic, the resolvers route only requests to risky domains for deeper URL and file inspection. If the resolvers determine that a resolved IP address belongs to a risky domain, it is blocked and the customer is instead directed to a lander page, which is essentially a block page. This is the level of security offered in many conventional cloud-based security platforms.
The DNS-level security implementation is primarily considered add-on security rather than core-level security. Other security implementations, like the secure web gateway, are by default configured to scan and filter requests for web access arriving on ports 80 and 443. These technologies do not adequately address the security concerns of some network clients who want to secure all ports and protocols branching out from their enterprise edge device. Furthermore, conventional security inspection schemes, as deployed for example by Cisco Umbrella, may send all internet-bound traffic to a central office/headquarters for further security inspection and subsequently backhaul the traffic from the headquarters. This may not be acceptable to many clients who prefer direct cloud access, originating from their enterprise or branch office edge router and leading directly to the cloud.